Pages

20 December 2011

There are time that you want to do some unusual stuff with Tivoli Access Manager such as migrate whole TAM instance to a different machine/environment. I did that when trying to replicate KVM environment to a different location, with changing target KVMs IPs to exactly match original one and all the rest as well, including LDAP.

That last component replacement seemed to be a bit too harsh for TAM, and despite copying secAuthority suffix data 1:1, after starting KVM machine and trying to log into pdadmin, I failed to authenticate.

After some investigation it turned out that after copying security suffix data into LDAP, you then need to apply TAM acls to secAuthority objects with ivrgy tool, such as:

then you need to raise your system limit for number of open files. on linux you do it with ulimit command:

ulimit -f 8192

where number depends on the DMgr console configuration - for standard WebSphere 1024 is sufficient, whereas with WebSphere Process Server 7 you need to raise it more, to, say, 8192.

Using ulimit -f however sets ulimit for your shell session only, so next time when you restart dmgr in your shell you will hit the same problem again. You can either raise fopen parameter for your profile (in .profile) or for the whole system by inserting:

#<domain> <type> <item> <value>

* soft nofile 8192

to /etc/security/limits.conf. You must reboot your Linux in order for this change to take effect.

But of course beware on the impact on your system and consider this change well.

Good luck! Please leave a comment if my hint helped you and feel free to contact me on G+ !